AMENDMENTS TO THE CLAIMS 

1. (Currently amended) A method for providing confid e ntiality certificates in a 
communication system, the m e thod communication system comprising a client and a certificate 
authority, the method comprising : 

the client utilizing self-provisioning to initiate a certificate signing request; 
the certificate authority receiving the certificate signing request and creating a valid 
certificate by signing the request; and 

the valid certificate being returned to the client . 

utilizing asymm e trical and symm e trical e ncryptions for s e l e ct e d communications; 
wher e in th e asymm e trical and symm e trical e ncryptions are utiliz e d so as to ensur e 
confidentiality of the sel e ct e d communications. 

2. (New) The method of Claim 1 , wherein the communication system further 
comprises an administrator, the administrator receiving the certificate signing request from the 
client and approving the request before forwarding it to the certificate authority. 

3. (New) The method of Claim 2, wherein after the request is signed by the 
certificate authority to create a valid certificate, the valid certificate is sent back to the 
administrator before it is delivered to the client. 

4. (New) The method of Claim 3, wherein the delivery of the valid certificate to the 
client comprises placing the certificate into a directory server which is then made available to the 
client. 
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5. (New) The method of Claim 1, wherein when the certificate signing request is 
received by the certificate authority, a public/private key pair is received along with the 
certificate signing request. 

6. (New) The method of Claim 5, wherein the public/private key pair is generated 
by the client. 

7. (New) The method of Claim 5, wherein the public/private key pair is generated 
by an administrator. 

8. (New) The method of Claim 1, wherein as part of the signing of the request by 
the certificate authority, the certificate is encrypted with the certificate authority's private key. 

9. (New) The method of Claim 8, wherein the signing of the request by the 
certificate authority further comprises including an expiration date. 

10. (New) The method of Claim 8, wherein the signing of the request by the 
certificate authority further comprises including the certificate authority's public key. 

11. (New) The method of Claim 10, wherein when the client receives the signed 
certificate, the client also receives a copy of the certificate authority's public key. 

12. (New) The method of Claim 1, wherein after the client receives the valid 
certificate, the valid certificate may be utilized by the client to initiate a communication session 
which utilizes both asymmetrical and symmetrical encryption. 

13. (New) The method of Claim 1, wherein the client is assigned two IP addresses, 
including a physical address and a virtual address. 
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14. (New) The method of Claim 13, wherein when the client is mobile, the physical 
address may change but the virtual address remains the same, thus allowing communications 
destined for the client to be routed appropriately to the client's current location. 

15. (New) The method of Claim 1, wherein the communication system provides 
authentication centrally, and then allows peer-to-peer connections to be established between the 
client and a sentry. 

16. (New) The method of Claim 1, wherein both the client and a server are required 
to exchange valid certificates in order to establish a communication session. 

17. (New) A communication system coupled to a network, the network providing 
access points for clients, the communication system comprising: 

an administrator for administrating and managing the network; 
an internet router; 

a sentry for providing end-to-end encryption and decryption of data to and from the 
Internet; and 

an access controller for firewalling access to the communication system, wherein the 
clients are required to hold valid certificates in order to access the communication system. 

18. (New) The system of Claim 17, wherein a client utilizes self-provisioning to 
initiate a certificate signing request, the sentry receiving the signing request and creating a valid 
certificate by signing the request, the valid certificate being returned to the client. 

19. (New) The system of Claim 18, wherein the administrator receives the certificate 
signing request from the client and approves the request before forwarding it to the sentry. 
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20. (New) The system of Claim 17, wherein the sentry utilizes both asymmetrical 
and symmetrical encryption to ensure confidentiality. 

21. (New) The system of Claim 17, wherein clients are assigned two IP addresses, 
including a physical address and a virtual address. 

22. (New) The system of Claim 21, wherein when the client is mobile the physical 
address may change but the virtual address remains the same, thus allowing communications 
destined for the client to be routed appropriately to the client's current location. 

23. (New) The system of Claim 17, wherein within the communication system 
authentication is provided centrally, after which peer-to-peer connections may be established 
between a client and the sentry. 

24. (New) The system of Claim 17, wherein both the client and a server are required 
to exchange valid certificates in order to establish a communication session. 

25. (New) The system of Claim 17, wherein the access points in the network may be 
wired or wireless. 

26. (New) A method for assigning addresses to clients in a communication system, 
the method comprising: 

assigning a physical IP address to a client; and 
assigning a virtual IP address to the client. 

27. (New) The method of Claim 26, wherein when the client is mobile the physical 
address may change but the virtual address remains the same, thus allowing communications 
destined for the client to be routed appropriately to the client's current location. 
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28. (New) The method of Claim 26, wherein the physical IP address is assigned to 
the client using a dynamic host configuration protocol (DHCP). 

29. (New) The method of Claim 28, wherein the communication system further 
comprises an access controller which acts as the DHCP server. 

30. (New) The method of Claim 26, wherein the virtual address is a public IP 
address. 

31. (New) The method of Claim 26, wherein the communication system further 
comprises a sentry that is assigned to the client, wherein the virtual address is obtained from the 
sentry. 

32. (New) The method of Claim 26, wherein the virtual address is network address 
translated (NATed). 

33. (New) The method of Claim 26, wherein the communication system utilizes both 
asymmetrical and symmetrical encryption to ensure confidentiality. 

34. (New) The method of Claim 26, wherein in the communication system 
authentication is provided centrally, after which peer-to-peer connections may be established 
between the client and a sentry. 
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